-brightgreen){kind=icon}
This module can be used to provision and configure Context Based Restrictions.
See in particular the fscloud module that enables creating an opiniated account-level coarse-grained set of CBR rules and zones aligned with the "secure by default" principles.
âšī¸ Tip: Changes to context-based restriction rules are propagated worldwide and have a TTL value of 10 minutes. Rule changes might not take effect until the propagation process is complete and the TTL cache is updated.
module "ibm_cbr" "zone" {
source = "terraform-ibm-modules/cbr/ibm//modules/cbr-zone-module"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
name = "zone_for_pg_access"
account_id = "defc0df06b644a9cabc6e44f55b3880s" # pragma: allowlist secret
zone_description = "Zone created from terraform"
addresses = [{type = "vpc",value = "vpc_crn"}]
}
module "ibm_cbr" "rule" {
# replace main with version
source = "terraform-ibm-modules/cbr/ibm//modules/cbr-rule-module"
version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
name = "rule_for_pg_access"
rule_description = "rule from terraform"
enforcement_mode = "enabled"
rule_contexts = [{
attributes = [{
name = "networkZoneId"
value = "93a51a1debe2674193217209601dde6f" # pragma: allowlist secret
}]
}]
resources = [{
attributes = [
{
name = "accountId"
value = "defc0df06b644a9cabc6e44f55b3880s" # pragma: allowlist secret
operator = "stringEquals"
},
{
name = "resourceGroupId",
value = "8ce996b5e6ed4592ac0e39f4105351d6" # pragma: allowlist secret
operator = "stringEquals"
},
{
name = "serviceInstance"
value = "10732830-c128-48f0-aec6-c9eaa8d10c68" # pragma: allowlist secret
operator = "stringEquals"
},
{
name = "serviceName"
value = "cloud-object-storage"
operator = "stringEquals"
}
]
}]
operations = [{ api_types = [{
api_type_id = "crn:v1:bluemix:public:context-based-restrictions::::api-type:"
}]
}]
}You need the following permissions to run this module.
- Account Management
Editorrole access
- VPC Infrastructure Services
Editorrole access
| Name | Version |
|---|---|
| terraform | >= 1.3.0, <1.7.0 |
| ibm | >= 1.62.0, < 2.0.0 |
| Name | Source | Version |
|---|---|---|
| cbr_rule | ./modules/cbr-rule-module | n/a |
| cbr_zone | ./modules/cbr-zone-module | n/a |
| Name | Type |
|---|---|
| ibm_iam_account_settings.iam_account_settings | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| addresses | (List) The list of addresses in the zone | list(object({ |
[] |
no |
| enforcement_mode | (String) The rule enforcement mode | string |
"report" |
no |
| excluded_addresses | (Optional, List) The list of excluded addresses in the zone | list(object({ |
[] |
no |
| name | (Optional, String) The name of the zone | string |
null |
no |
| operations | (Optional, List) The operations this rule applies to | list(object({ |
[ |
no |
| resources | (Optional, List) The resources this rule apply to | list(object({ |
[] |
no |
| rule_contexts | (List) The contexts the rule applies to | list(object({ |
[ |
no |
| rule_description | (Optional, String) The description of the rule | string |
null |
no |
| zone_description | (Optional, String) The description of the zone | string |
null |
no |
| Name | Description |
|---|---|
| rule_crn | CBR rule resource instance crn |
| rule_href | CBR rule resource href |
| rule_id | CBR rule resource instance id |
| zone_crn | cbr_zone resource instance crn |
| zone_href | cbr_zone resource instance link |
| zone_id | cbr_zone resource instance id |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent